Why is patching so difficult?

April 25, 2017

I don't know how many companies I have worked for in the past that haven't patched in years. Patching systems is not only one of the best things you can do to defend against malware and hackers, but it is also a requirement of many compliance standards such as PCI-DSS. It is very important to patch not only the main operating system but also the additional applications installed. Many companies find this difficult since they don't track what's out there on individual user systems. There are applications that can audit an environment and even assist in applying patches.

My recommendations...

  1. Come up with a patch management plan that includes all company systems.
  2. Test. Start with a test user group, and for your server environment, start with the development environment.
  3. Keep widening your target areas until full patch coverage is achieved.
  4. Plan on performing a full patch cycle at least once a month.

A lot of this can be automated and done with little human intervention once it's set up.

Please let me know if you need any assistance as I'd be more than happy to help.